Open Bug 1884377 Opened 11 months ago Updated 2 months ago

Firefox Denial of Service due to infinite while loop and console.log.

Categories

(Firefox :: Security, defect, P3)

Product:
Firefox
Component:
Security
Type:
defect

Tracking

()

People

(Reporter: Mahtoshivnath709, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

FireFox-Crash-2024.mp4
8.57 MB, video/mp4
Details
ff_asan_log.14320.submitted
2.51 KB, text/plain
Details
Attached video FireFox-Crash-2024.mp4

Hi There!
I hope you are well.

I found that In normal case when a tab keeps slowing down the browser.
Firefox will give an option to close or kill the tab.
But i found that when we run infinite while loop along with console.log, The Firefox doesn't show any sort of warning as well as memory usage keeps increasing.

Steps to reproduce the issue.

  1. Visit https://ac5dc81ed1f6db19224aba63562a3eee.m.pipedream.net
  2. click on Click-Me
  3. You will Notice, your browser getting crashed.

For POC, Check attachment.

Thanks
Best Regards
r3dpars3c

Component: General → Security

A video is a video, it's not a Proof of Concept¹. Your linked pipedream.net testcase is a PoC.

The initial page is just a launch pad with a button that opens the second stage in a popup window so there are no surprises (very polite, thank you!). The popup file is simply:

<script>while(true){console.log(1)}</script>

The first time I tried this I did get the slow-script info bar and I used it to stop the script. The second time I tried it I never got that infobar. Memory is climbing rapidly in both parent and child processes, with at least 4x more memory being used in the parent (currently at 28Gb and 8Gb). Despite the looping script being console.log(1) there is nothing being shown on the dev tools console. When I killed the child process the parent process slowly got rid of its excess memory use and became functional again. I didn't see a crash, but maybe on a Windows machine with lower amounts of memory it would get there faster.

¹ unless the security bug is in video processing

Blocks: eviltraps
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Firefox Crash due to infinite while loop and console.log. → Firefox Denial of Service due to infinite while loop and console.log.

Right.
But when i tried to reproduce this on MAC, Mac seems to have safer memory writing methods, That still allowed to use the Firefox without closing and restarting.

Also, If you let the windows opened for a while, You will Notice, Firefox has crashed message. I saw this once when i just left Firefox opened.
Reevaluate this again.

The severity field is not set for this bug.
:serg, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(sgalich)
Severity: -- → S3
Flags: needinfo?(sergey.galich)
Priority: -- → P3

I am attaching Asan log

Attachment #9409217 - Attachment mime type: application/octet-stream → text/plain

Is this bug being patched or being left ignored ?

This issue is not being ignored, but put in our backlog. There are many DoS issues like this, e.g. Bug 1520489, Bug 1543318.

I can reproduce on Ubuntu. I do get a slow script warning, the browser freezes for a bit and then the tab crashes. After that the browser fully recovers and is responsive again.

will this issue be eligible for bounty or not ?

I'm not sure if DoS issues are in-scope for bounty. I've set the flag so the security team can take a look though.

Flags: sec-bounty?

DOS issues are out of scope for the bug bounty

Flags: sec-bounty? → sec-bounty-

but incase of browser it should've been rewarded.

See Also: → 1928670
See Also: → 1755864
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: